1. Field
The embodiments discussed herein are related to a relay unit which accommodates a plurality of different tenants, for relaying data to a shared server which executes a shared application.
2. Description of Related Art
In a server application which provides an application to a network (hereinafter, referred to as “tenant”) formed for each unit of several organizations and companies, such as SaaS (Software as a Service), there is a demand of effectively using server resources by sharing an application provided to each tenant and sharing the server resources. The SaaS compatible applications are put in a shared network (for example, a server on the Internet) accessible by a plurality of tenants.
Here, the structure of the conventional system having a shared server including a multi-tenant compatible shared application, clients within each tenant, and a gateway (hereinafter, referred to as “GW”) for relaying data between the tenants and the shared server is illustrated in FIG. 1. The GW is a device such as a multi-tenant compatible VPN which can accommodate a plurality of different independent networks, and satisfies a requirement that the respective tenants should be logically treated as individual networks so as not to communicate with each other directly.
The clients within the respective tenants make communication without being conscious of the tenants they belong to. Namely, when each client within a tenant transmits and receives a request message to and from the shared server, the client does not attach the information for identifying the client's own tenant (hereinafter, referred to as a “tenant ID”). Here, the unit of data exchanged between applications and the data formed of a plurality of packets is referred to as a “message.”
On the other hand, the conventional multi-tenant compatible GW recognizes the respective tenants depending on where the data is transmitted from, according to the IP address possessed by the GW (in the example of FIG. 1, IP address for gaining access to a segment of the tenant A or IP address for gaining access to a segment of the tenant B) and VLAN, attaches the respective tenant IDs to the respective request messages, and then transmits the data to the shared server, in order to separately treat the communications of the respective tenants.
Upon receipt of a request message from the target processing and the tenant ID, the conventional shared server recognizes the specified tenant ID and finds out which tenant the processing is destined for, so that the shared application can be executed there.
As a method of relating a message to a tenant ID, the following two conventional methods can be considered.
The first conventional method is a method of embedding a tenant ID into a message. FIG. 2 illustrates the first conventional method. In this case, when the GW receives a message from each of the tenants, it embeds the tenant ID into the message and propagates it to the shared server. The shared server reads the tenant ID embedded in the message, to check the tenant. In the opposite direction, tenant information is transmitted from the shared server to the GW, by similarly embedding the tenant ID into the message.
The second conventional method is a method of embedding a tenant ID into a packet. FIG. 3 illustrates the second conventional embodiment. Similarly to the first conventional method of embedding it into a message, the GW embeds a tenant ID into a packet coming from the tenant and propagates it to a server.
FIG. 4 illustrates a functional block common in the first and second conventional methods. Both the GW and the shared server each have the structure including a tenant ID embedding unit which embeds a tenant ID recognized by a tenant recognizing unit into a message or a packet and reads out the above tenant ID.
As the conventional technique of communication with a tenant ID embedded, for example, a technique about a communication using SIP is disclosed.
The above-mentioned method of always embedding the tenant IDs in all the messages or all the packets increases the loads due to the embedding and reading processing, and hence degrades the performance in the GW and the shared server. Further, the above second conventional method makes it difficult to transmit the information on a tenant to an application on the side of a server because the packet header is deleted when passing through the TCP/IP layer within the server.